mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-18 04:41:56 +00:00
4e89c53082
Wraps every sync->async coroutine-scheduling site in the codebase with a new agent.async_utils.safe_schedule_threadsafe() helper that closes the coroutine on scheduling failure (closed loop, shutdown race, etc.) instead of leaking it as 'coroutine was never awaited' RuntimeWarnings plus reference leaks. 22 production call sites migrated across the codebase: - acp_adapter/events.py, acp_adapter/permissions.py - agent/lsp/manager.py - cron/scheduler.py (media + text delivery paths) - gateway/platforms/feishu.py (5 sites, via existing _submit_on_loop helper which now delegates to safe_schedule_threadsafe) - gateway/run.py (10 sites: telegram rename, agent:step hook, status callback, interim+bg-review, clarify send, exec-approval button+text, temp-bubble cleanup, channel-directory refresh) - plugins/memory/hindsight, plugins/platforms/google_chat - tools/browser_supervisor.py (3), browser_cdp_tool.py, computer_use/cua_backend.py, slash_confirm.py - tools/environments/modal.py (_AsyncWorker) - tools/mcp_tool.py (2 + 8 _run_on_mcp_loop callers converted to factory-style so the coroutine is never constructed on a dead loop) - tui_gateway/ws.py Tests: new tests/agent/test_async_utils.py covers helper behavior under live loop, dead loop, None loop, and scheduling exceptions. Regression tests added at three PR-original sites (acp events, acp permissions, mcp loop runner) mirroring contributor's intent. Live-tested end-to-end: - Helper stress test: 1500 schedules across live/dead/race scenarios, zero leaked coroutines - Race exercised: 5000 schedules with loop killed mid-flight, 100 ok / 4900 None returns, zero leaks - hermes chat -q with terminal tool call (exercises step_callback bridge) - MCP probe against failing subprocess servers + factory path - Real gateway daemon boot + SIGINT shutdown across multiple platform adapter inits - WSTransport 100 live + 50 dead-loop writes - Cron delivery path live + dead loop Salvages PR #2657 — adopts contributor's intent over a much wider site list and a single centralized helper instead of inline try/except at each site. 3 of the original PR's 6 sites no longer exist on main (environments/patches.py deleted, DingTalk refactored to native async); the equivalent fix lives in tools/environments/modal.py instead. Co-authored-by: JithendraNara <jithendranaidunara@gmail.com>
148 lines
4.7 KiB
Python
148 lines
4.7 KiB
Python
"""ACP permission bridging for Hermes dangerous-command approvals."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import asyncio
|
|
import logging
|
|
from concurrent.futures import TimeoutError as FutureTimeout
|
|
from itertools import count
|
|
from typing import Callable
|
|
|
|
from acp.schema import (
|
|
AllowedOutcome,
|
|
PermissionOption,
|
|
)
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
# Maps ACP permission option ids to Hermes approval result strings.
|
|
# Option ids are stable across both the ``allow_permanent=True`` and
|
|
# ``allow_permanent=False`` paths even though the option list differs.
|
|
_OPTION_ID_TO_HERMES = {
|
|
"allow_once": "once",
|
|
"allow_session": "session",
|
|
"allow_always": "always",
|
|
"deny": "deny",
|
|
}
|
|
|
|
_PERMISSION_REQUEST_IDS = count(1)
|
|
|
|
|
|
def _build_permission_options(*, allow_permanent: bool) -> list[PermissionOption]:
|
|
"""Return ACP options that match Hermes approval semantics."""
|
|
options = [
|
|
PermissionOption(option_id="allow_once", kind="allow_once", name="Allow once"),
|
|
PermissionOption(
|
|
option_id="allow_session",
|
|
# ACP has no session-scoped kind, so use the closest persistent
|
|
# hint while keeping Hermes semantics in the option id.
|
|
kind="allow_always",
|
|
name="Allow for session",
|
|
),
|
|
]
|
|
if allow_permanent:
|
|
options.append(
|
|
PermissionOption(
|
|
option_id="allow_always",
|
|
kind="allow_always",
|
|
name="Allow always",
|
|
),
|
|
)
|
|
options.append(PermissionOption(option_id="deny", kind="reject_once", name="Deny"))
|
|
return options
|
|
|
|
|
|
def _build_permission_tool_call(command: str, description: str):
|
|
"""Return the ACP tool-call update attached to a permission request.
|
|
|
|
``request_permission`` expects a ``ToolCallUpdate`` payload — produced
|
|
by ``_acp.update_tool_call`` — not a ``ToolCallStart``. Each request
|
|
gets a unique ``perm-check-N`` id so concurrent requests don't collide.
|
|
"""
|
|
import acp as _acp
|
|
|
|
tool_call_id = f"perm-check-{next(_PERMISSION_REQUEST_IDS)}"
|
|
return _acp.update_tool_call(
|
|
tool_call_id,
|
|
title=description,
|
|
kind="execute",
|
|
status="pending",
|
|
content=[_acp.tool_content(_acp.text_block(f"$ {command}"))],
|
|
raw_input={"command": command, "description": description},
|
|
)
|
|
|
|
|
|
def _map_outcome_to_hermes(outcome: object, *, allowed_option_ids: set[str]) -> str:
|
|
"""Map an ACP permission outcome into Hermes approval strings."""
|
|
if not isinstance(outcome, AllowedOutcome):
|
|
return "deny"
|
|
|
|
option_id = outcome.option_id
|
|
if option_id not in allowed_option_ids:
|
|
logger.warning("Permission request returned unknown option_id: %s", option_id)
|
|
return "deny"
|
|
return _OPTION_ID_TO_HERMES.get(option_id, "deny")
|
|
|
|
|
|
def make_approval_callback(
|
|
request_permission_fn: Callable,
|
|
loop: asyncio.AbstractEventLoop,
|
|
session_id: str,
|
|
timeout: float = 60.0,
|
|
) -> Callable[..., str]:
|
|
"""
|
|
Return a Hermes-compatible approval callback that bridges to ACP.
|
|
|
|
The callback accepts ``command`` and ``description`` plus optional
|
|
keyword arguments such as ``allow_permanent`` used by
|
|
``tools.approval.prompt_dangerous_approval()``.
|
|
|
|
Args:
|
|
request_permission_fn: The ACP connection's ``request_permission`` coroutine.
|
|
loop: The event loop on which the ACP connection lives.
|
|
session_id: Current ACP session id.
|
|
timeout: Seconds to wait for a response before auto-denying.
|
|
"""
|
|
|
|
def _callback(
|
|
command: str,
|
|
description: str,
|
|
*,
|
|
allow_permanent: bool = True,
|
|
**_: object,
|
|
) -> str:
|
|
from agent.async_utils import safe_schedule_threadsafe
|
|
|
|
options = _build_permission_options(allow_permanent=allow_permanent)
|
|
|
|
tool_call = _build_permission_tool_call(command, description)
|
|
coro = request_permission_fn(
|
|
session_id=session_id,
|
|
tool_call=tool_call,
|
|
options=options,
|
|
)
|
|
future = safe_schedule_threadsafe(
|
|
coro, loop,
|
|
logger=logger,
|
|
log_message="Permission request: failed to schedule on loop",
|
|
)
|
|
if future is None:
|
|
return "deny"
|
|
|
|
try:
|
|
response = future.result(timeout=timeout)
|
|
except (FutureTimeout, Exception) as exc:
|
|
future.cancel()
|
|
logger.warning("Permission request timed out or failed: %s", exc)
|
|
return "deny"
|
|
|
|
if response is None:
|
|
return "deny"
|
|
|
|
allowed_option_ids = {option.option_id for option in options}
|
|
return _map_outcome_to_hermes(
|
|
response.outcome,
|
|
allowed_option_ids=allowed_option_ids,
|
|
)
|
|
|
|
return _callback
|